I was assigned to work on IDS using Snort for my internship project. In my study to understand what IDSs are all about, I can't seem to clearly understand the different detection techniques (signature-based and anomaly-based).
CodePudding user response:
I would suggest to read the following article, it is short and comprehensible:
https://www.n-able.com/blog/intrusion-detection-system
In short:
Signature-based detection scans for known/similar threats stored in a database. Anomaly-based detection analyses traffic etc. and finds "anomalies" via algorithms.
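
The two approaches from the answer above, side by side, as an added example that is not part of the original post and is not Snort's own code. The signature patterns, traffic and baseline counts are all constructed, and the mean plus three standard deviations threshold is an assumed, deliberately simple anomaly model.

```python
import re
import statistics
from collections import Counter

# Constructed signature "database": name -> pattern of a known-bad payload.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s+1=1", re.IGNORECASE),
}

def signature_alerts(events):
    """Return (minute, src, signature) for each payload matching a stored pattern."""
    return [(minute, src, name)
            for minute, src, payload in events
            for name, pattern in SIGNATURES.items()
            if pattern.search(payload)]

def learn_baseline(training_counts):
    """Model 'normal' as the mean and standard deviation of requests per minute."""
    return statistics.mean(training_counts), statistics.pstdev(training_counts)

def anomaly_alerts(events, baseline, k=3.0):
    """Return (minute, src, count) where a source's rate exceeds mean + k * stdev."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    per_minute = Counter((minute, src) for minute, src, _ in events)
    return sorted((m, s, n) for (m, s), n in per_minute.items() if n > threshold)

# Constructed data: requests per minute observed during a quiet training period.
TRAINING_COUNTS = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed traffic to inspect: (minute, source address, request line).
EVENTS = (
    [(0, "10.0.0.5", "GET /index.html")] * 5
    + [(1, "10.0.0.7", "GET /download?file=../../etc/passwd")]
    + [(2, "10.0.0.9", "GET /login?user=a%d" % i) for i in range(40)]
)

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS, learn_baseline(TRAINING_COUNTS)))
```

The single traversal request is caught only by the signature check, while the burst of 40 login requests, which matches no stored pattern, is caught only by the rate check.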